Changeset 7633
- Timestamp:
- 04/08/2008 05:30:14 PM (16 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-login.php
r7524 r7633 91 91 do_action('retrieve_password', $user_login); 92 92 93 $key = $wpdb->get_var( "SELECT user_activation_key FROM $wpdb->users WHERE user_login = '$user_login'");93 $key = $wpdb->get_var($wpdb->prepare("SELECT user_activation_key FROM $wpdb->users WHERE user_login = %s", $user_login)); 94 94 if ( empty($key) ) { 95 95 // Generate something random for a key... … … 97 97 do_action('retrieve_password_key', $user_login, $key); 98 98 // Now insert the new md5 key into the db 99 $wpdb->query( "UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'");99 $wpdb->query($wpdb->prepare("UPDATE $wpdb->users SET user_activation_key = %s WHERE user_login = %s", $key, $user_login)); 100 100 } 101 101 $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n"; … … 119 119 return new WP_Error('invalid_key', __('Invalid key')); 120 120 121 $user = $wpdb->get_row( "SELECT * FROM $wpdb->users WHERE user_activation_key = '$key'");121 $user = $wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_activation_key = %s", $key)); 122 122 if ( empty( $user ) ) 123 123 return new WP_Error('invalid_key', __('Invalid key'));
Note: See TracChangeset
for help on using the changeset viewer.